From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Jon Jensen <jon(at)endpoint(dot)com> |
Cc: | pgsql-patches(at)postgresql(dot)org |
Subject: | Re: Refuse SSL patch |
Date: | 2002-12-09 22:26:16 |
Message-ID: | 20237.1039472776@sss.pgh.pa.us |
Lists: | pgsql-patches |

Jon Jensen <jon(at)endpoint(dot)com> writes:
> I haven't seen any previous mention of a similar patch, though I found the
> following idea proposed by Magnus Hagander which I like:

>> Perhaps we should replace PGREQUIRE_SSL with "PGSSLMODE", being:
>> 0 - Refuse SSL
>> 1 - Negotiate, Prefer non-SSL
>> 2 - Negotiate, Prefer SSL (default)
>> 3 - Require SSL

Hm, I like that better than two independent boolean vars (it's not
obvious which should override the other, or why); moreover it adds
more functionality (your approach does not provide a way to do mode 1).
For backwards compatibility, if PGSSLMODE is not set then you could look
for PGREQUIRE_SSL, and assume mode 3 (rather than the default 2) if
PGREQUIRE_SSL is set.

It might be better to use keywords or mnemonics of some kind in place of
these arbitrary numeric codes. No strong feeling about that.

> Is this useful to others? If you'd like me to make some changes to make it
> acceptable, please let me know.

Patches to the relevant documentation would be a minimum requirement.
(In looking at this, I observe the original patch neglected to document
the PGREQUIRE_SSL environment variable; don't emulate that bad example.)

regards, tom lane
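
The precedence rule discussed in the message above, as an added example that is not part of the original e-mail or of the PostgreSQL source: PGSSLMODE decides when set, PGREQUIRE_SSL is consulted only as the backwards-compatibility fallback, and the default is mode 2. The enum and function names are hypothetical, and rejecting a malformed PGSSLMODE (rather than silently using the default) is an assumption made here so that a typo cannot downgrade an intended mode 3.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mode numbers as proposed in the quoted message; names are hypothetical. */
enum ssl_mode {
    SSLMODE_INVALID = -1,      /* assumption: malformed PGSSLMODE is an error */
    SSLMODE_REFUSE = 0,        /* Refuse SSL */
    SSLMODE_PREFER_PLAIN = 1,  /* Negotiate, prefer non-SSL */
    SSLMODE_PREFER_SSL = 2,    /* Negotiate, prefer SSL (default) */
    SSLMODE_REQUIRE = 3        /* Require SSL */
};

/*
 * Arguments are the values of PGSSLMODE and PGREQUIRE_SSL, NULL when unset.
 * PGSSLMODE wins when set; PGREQUIRE_SSL is only the backwards-compatibility
 * fallback and maps to mode 3. Anything other than a single digit 0-3 in
 * PGSSLMODE is rejected instead of falling back to a weaker default.
 */
enum ssl_mode resolve_ssl_mode(const char *pgsslmode, const char *pgrequire_ssl)
{
    if (pgsslmode != NULL) {
        if (strlen(pgsslmode) == 1 && pgsslmode[0] >= '0' && pgsslmode[0] <= '3')
            return (enum ssl_mode)(pgsslmode[0] - '0');
        return SSLMODE_INVALID;
    }
    if (pgrequire_ssl != NULL)
        return SSLMODE_REQUIRE;
    return SSLMODE_PREFER_SSL;
}

/* Only mode 3 rules out a cleartext session; 0, 1 and 2 can all end up on one. */
int mode_allows_plaintext(enum ssl_mode m)
{
    return m == SSLMODE_REFUSE || m == SSLMODE_PREFER_PLAIN || m == SSLMODE_PREFER_SSL;
}

int main(void)
{
    enum ssl_mode m = resolve_ssl_mode(getenv("PGSSLMODE"), getenv("PGREQUIRE_SSL"));
    if (m == SSLMODE_INVALID) {
        fprintf(stderr, "PGSSLMODE must be 0, 1, 2 or 3\n");
        return 1;
    }
    printf("mode %d: cleartext %s\n", (int)m,
           mode_allows_plaintext(m) ? "possible" : "never");
    return 0;
}
```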